package com.tcrow.handler;

import com.jfinal.handler.Handler;
import com.jfinal.kit.StrKit;
import com.tcrow.servlet.HttpServletRequestWrapper;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

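/**
 * Global XSS handler: wraps dynamic requests in the project's
 * {@link HttpServletRequestWrapper} before passing them down the handler chain.
 *
 * <p>A request is wrapped unless its target contains a '.' or matches the configured
 * {@code exclude} fragment. Dotted targets are presumably static resources; confirm that
 * no dynamic route can be reached through a target containing a dot, since such requests
 * are never wrapped.
 *
 * <p>NOTE(review): the sanitising itself lives in HttpServletRequestWrapper, which is not
 * visible here. Filtering request input does not replace output encoding in the views.
 */
public class XssHandler extends Handler {

    /** Path fragment exempt from wrapping; {@code null} or blank means nothing is exempt. */
    private final String exclude;

    /**
     * Creates the handler.
     *
     * @param exclude path fragment whose targets are passed through unwrapped;
     *                {@code null} or blank exempts nothing
     */
    public XssHandler(String exclude) {
        this.exclude = exclude;
    }

    /**
     * Wraps the request for every non-dotted, non-excluded target, then delegates to the
     * next handler in the chain.
     *
     * @param target    request path being routed
     * @param request   incoming request, replaced by the wrapper when wrapping applies
     * @param response  response passed through unchanged
     * @param isHandled chain flag passed through unchanged
     */
    @Override
    public void handle(String target, HttpServletRequest request,
                       HttpServletResponse response, boolean[] isHandled) {
        // Fix: the original condition wrapped the request only when the target CONTAINED
        // `exclude`. A blank exclude therefore disabled wrapping everywhere, and a
        // configured one wrapped exactly the paths that were meant to be exempt.
        if (target.indexOf('.') == -1 && !isExcluded(target)) {
            request = new HttpServletRequestWrapper(request);
        }
        nextHandler.handle(target, request, response, isHandled);
    }

    /** Returns true when an exclude fragment is configured and the target contains it. */
    private boolean isExcluded(String target) {
        // NOTE(review): this is a substring match, so any target that merely contains the
        // fragment is exempt from wrapping. If `exclude` is always a path prefix, a
        // startsWith() match is narrower; confirm the configured values before tightening.
        return StrKit.notBlank(exclude) && target.contains(exclude);
    }
}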
